David Mangiaracino
An ongoing Denial of Service (DoS) attack has been hitting .onion sites hosted on the Tor network for over a week. Concurrently, two of the most popular darknet marketplaces went offline. Some arrests were made, but questions remain unanswered.
Research exposed a now-patched bug in Tor. Version 3 .onion sites require that a state of consensus be maintained for clients and services to be able to reach one another. The consensus mechanism skipped a couple of blocks due to the ongoing DoS attacks. Instead of continuing to broadcast the still-unexpired consensus information, they waited for a new block.
Other Bitcoin services were also affected by the outage.
Wasabi, a bitcoin wallet that runs over Tor, was not heavily impacted because it is set to fall back to version 2 onion services. Several .onion sites got around the bug by deploying copies of their sites as version 2 .onion addresses. Bisq, a decentralized peer-to-peer cryptocurrency exchange, reassured users on Twitter throughout the interruptions.
BTC is safe of course…no threat from this particular development. Missing messages can be resent. If not, payouts can be arranged with mediation.
— Bisq (@bisq_network) January 10, 2021
Tor is still having issues.
Mailbox messages may get lost, making it seem like a peer is unresponsive.
Please be patient and allow peers more time to respond than usual.
— Bisq (@bisq_network) January 10, 2021
As the smoke cleared and onion sites came back online, it was announced that German law enforcement, in cooperation with an international team, had taken down what is believed to have been the biggest market on the darknet.
They detained a 34-year-old Australian national they believe to have been operating the onion site DarkMarket.
According to Oldenburg authorities, “A total of at least 320,000 transactions were carried out via the marketplace, with more than 4,650 Bitcoin and 12,800 Monero – two of the most common cryptocurrencies – changing hands.”
It is still unclear what happened to Yellow Brick, another darknet marketplace that also went offline around the same time. There are reports that DarkMarket and Yellow Brick had an employee in common. Yellow Brick's customers losing access to their crypto once again highlights the importance of self-custodial wallets.
Multiple sources claim that a staff member at DarkMarket also worked at Yellow Brick, which went offline the same week. Did YB exit or were they also arrested? Remember that LE does not announce all arrests.
— dark.fail (@DarkDotFail) January 14, 2021
Yellow Brick Market, the ugliest darknet market to date, has disappeared stealing all of its users' cryptocurrency. It was a mid-sized cryptomarket, never a big player. Are ugly sites more or less likely to scam? #DarknetUX https://t.co/gVv7RjcR5G
— dark.fail (@DarkDotFail) January 11, 2021
White House Market is now the most active darknet market following DarkMarket's seizure. It has many security features that frustrate newcomers. When it comes to privacy, usually the easier a site/app is to use, the less protected you are. Don't buy drugs, don't commit crimes.
— dark.fail (@DarkDotFail) January 14, 2021
White House Market is reported to have become the most active market. It is hosted on both Tor and I2P. All transactions are in Monero. We covered Monero in this article on privacy coins.
Tor developers have decided to pursue two solutions to the network’s vulnerability to DoS attacks in the future. The first set of solutions involves improving the way nodes handle getting overloaded with connections. The second solution is geared more toward being a long-term fix.
They are exploring ways in which anonymous tokens can be used to distinguish people legitimately using Tor from bad actors attacking the network or onion sites. Besides stopping the DoS attacks, there are several other advantages to using a token system. Using tokens, Tor would be able to limit exit node abuse by spammers and automated tools. Tor may finally be able to deploy human-friendly .onion addresses.
One part of the proposed token system that might be of interest to readers here is the use of Proof of Work (PoW). In this proposed solution, clients would demonstrate good will by solving a Proof-of-Work puzzle. As an attack intensified, the PoW difficulty would increase, making it more resource-intensive to sustain the attack. Getting the balance right so that the puzzle does not degrade the experience of legitimate users is the trick.
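The adaptive difficulty idea described above, as an added illustration that is not from the original article and is not Tor's actual design: a generic hashcash-style SHA-256 puzzle in which the service demands more leading zero bits as its pending queue grows. The function names, the capacity figure and the bit limits are assumptions chosen for the example.

```python
import hashlib
import os


def required_bits(pending, capacity, base_bits=4, max_bits=20):
    """Leading zero bits demanded: one extra bit (2x client work) per doubling of overload."""
    ratio = max(1, -(-pending // capacity))  # ceil(pending / capacity), never below 1
    return min(max_bits, base_bits + (ratio - 1).bit_length())


def _meets(challenge, nonce, bits):
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def solve(challenge, bits):
    """Client side: brute-force the smallest nonce; expected cost is about 2**bits hashes."""
    nonce = 0
    while not _meets(challenge, nonce, bits):
        nonce += 1
    return nonce


def verify(challenge, nonce, bits):
    """Service side: a single hash, checked against the difficulty the service chose."""
    return 0 <= nonce < 2**64 and _meets(challenge, nonce, bits)


def demo():
    capacity = 100  # constructed: requests the service can queue comfortably
    rows = []
    for pending in (50, 400, 6400):  # constructed load levels: calm, busy, under attack
        bits = required_bits(pending, capacity)
        challenge = os.urandom(16)  # fresh per request so old solutions cannot be replayed
        nonce = solve(challenge, bits)
        rows.append((pending, bits, nonce + 1, verify(challenge, nonce, bits)))
    return rows


if __name__ == "__main__":
    for pending, bits, hashes, ok in demo():
        print(f"pending={pending:5d} bits={bits:2d} client_hashes={hashes:6d} accepted={ok}")
```

The asymmetry is the point: verification stays at one hash for the service regardless of load, while each added bit doubles the expected cost of every request a client sends, and `max_bits` is the knob that keeps legitimate users from being priced out.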
In short, it seems every attack eventually makes the system stronger in pursuit of privacy.
David Mangiaracino is a Linux systems administrator and website developer at Perpend Strategies.